Security Model (In-Role Cache for Windows Azure Cache)
Updated: February 24, 2014
This topic describes security considerations for Windows Azure Cache.
In-Role Cache on Windows Azure Cache
In In-Role Cache, the security for caches that reside on Windows Azure roles is dependent on standard Windows Azure security concepts. In Windows Azure, virtual machine instances are isolated from other virtual machines in the Windows Azure datacenter. The application must explicitly create external and internal endpoints to permit communication with and among the roles.
In-Role Cache uses the memory on all instances of a single role within a single deployment to provide Cache resources to the associated Windows Azure application. The only clients that can access the cache cluster are clients within the same deployment.
Windows Azure Shared Caching
With Shared Caching, the servers that host your cache are part of a multitenant environment that is shared among many users. For this reason, access to the cache is controlled using Windows Azure Active Directory Access Control (also known as Access Control Service or ACS). The Management Portal provides a Service URL that is used to locate the cache. But the Authentication Token, an ACS key, controls access to the cache. In this model, the security of the cache is directly related to the security of the Service URL and Authentication Token values.